sessionID express 3.0 connect 2.0

Hi been working a bit with the master branch from git and maybe it is
me being relatively newbie but on the 2.* the req.sessionID was the
same as in the cookie parsed [connect.sid] but in 3.0 I only get the
utils.uid(24) when getting req.sessionID not the rest . base etc. as
in connect 1.*

Hi, same here,I just switched to Express 3.0.0alpha1 and req.sessionID is different from Express 2.x

It seems the sessionStore keys are now the shorter uid(24)-only version and no longer the 'long' version (described in the above post) stored in the cookie.

I use socket.io and the technique described here: http://www.danielbaulig.de/socket-ioexpress/ to retrieve the Express sessions...My 'problem' is that in socket.io's handshake, I retrieve the cookie's 'express.sid' value which is the full one stored in the cookie... therefore it's no longer the key for the Express session in the sessionStore...

data.sessionID = cookie['express.sid']; //the long/full version stored in the cookie

sessionStore.load(data.sessionID, function(err, session) {

//session not loaded... undefined...

});

For the moment I fixed it doing a simple split('.')[0] to retrieve the uid(24) part:

data.sessionID = cookie['express.sid'].split('.')[0];

sessionStore.load(data.sessionID, function(err, session) {

//session loaded OK...

});

Just like Allan hansen I'd like to know if indeed the req.sessionID is now supposed to be only the uid(24) part of the whole cookie express.sid

and if the technique I used to retrieve the session within socket.io is the way to go from now on or is there (probably) a better/cleaner way to do it?

technically the SID is only the left-hand side, but I agree that this confuses things, we can tweak that back to how it was. I dont remember deliberately changing it so it may have been more of a regression.

oh right it's because of the new cookie signing stuff :) forgot about that. The signature is stripped before it gets to the session() middleware, so that's why it's only the *real* id now. You wouldn't want to use that value without checking the signature